1240 matches found
CVE-2021-21335
In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
CVE-2020-5922
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...
CVE-2020-14455
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
CVE-2020-26136
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA multi-factor authentication when using basic authentication...
CVE-2020-14246
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...
CVE-2019-19825
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform...
CVE-2019-13394
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...
CVE-2019-17393
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...
CVE-2019-16067
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
CVE-2025-4978 Netgear DGND3700 Basic Authentication BRS_top.html improper authentication
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.151.00.15NA. This affects an unknown part of the file /BRStop.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...
CVE-2025-4978 Netgear DGND3700 Basic Authentication BRS_top.html improper authentication
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.151.00.15NA. This affects an unknown part of the file /BRStop.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...
PT-2025-22135 · NetGear · Netgear Dgnd3700
Name of the Vulnerable Software and Affected Versions: Netgear DGND3700 version 1.1.00.15 1.00.15NA Description: A very critical issue was found, affecting the Basic Authentication component of the Netgear DGND3700. This issue leads to improper authentication and can be initiated remotely. The...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
Mitsubishi (CVE-2022-33321)
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...
CVE-2025-43704
Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...
CVE-2025-43704
Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...